package org.sentrysoftware.winrm.service.client.auth.kerberos;

import java.nio.file.Path;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.http.auth.KerberosCredentials;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import org.sentrysoftware.winrm.Utils;
import org.sentrysoftware.winrm.exceptions.KerberosCredentialsException;
import org.sentrysoftware.winrm.service.client.auth.UsernamePasswordCallbackHandler;

/* loaded from: input_file:org/sentrysoftware/winrm/service/client/auth/kerberos/KerberosUtils.class */
public class KerberosUtils {
    private static final String TRUE = Boolean.TRUE.toString();
    private static final String FALSE = Boolean.FALSE.toString();
    private static final String DO_NOT_PROMPT = "doNotPrompt";
    private static final String USE_TICKET_CACHE = "useTicketCache";
    private static final String IS_INITIATOR = "isInitiator";
    private static final String CLIENT = "client";
    private static final String REFRESH_KRB5_CONFIG = "refreshKrb5Config";
    private static final String KERBEROS_V5_OID = "1.2.840.113554.1.2.2";
    private static final Configuration JAAS_CONFIG;

    private KerberosUtils() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static AppConfigurationEntry[] createAppConfigurationEntries(Map<String, String> map) {
        return new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, map)};
    }

    public static KerberosCredentials createCredentials(String str, char[] cArr, Path path) {
        Utils.checkNonNull(str, "username");
        Utils.checkNonNull(cArr, "password");
        try {
            String upperCase = str.trim().toUpperCase();
            return new KerberosCredentials((GSSCredential) Subject.doAs(authenticate(upperCase, cArr, path != null ? createConfigurationWithTicketCache(path) : JAAS_CONFIG), createPrivilegedAction(upperCase)));
        } catch (KerberosCredentialsException e) {
            throw e;
        } catch (Exception e2) {
            throw new KerberosCredentialsException(e2);
        }
    }

    public static Configuration createConfigurationWithTicketCache(Path path) {
        final HashMap hashMap = new HashMap();
        hashMap.put(REFRESH_KRB5_CONFIG, TRUE);
        hashMap.put(CLIENT, TRUE);
        hashMap.put(IS_INITIATOR, TRUE);
        hashMap.put(USE_TICKET_CACHE, TRUE);
        hashMap.put(DO_NOT_PROMPT, TRUE);
        hashMap.put("ticketCache", path.toString());
        return new Configuration() { // from class: org.sentrysoftware.winrm.service.client.auth.kerberos.KerberosUtils.2
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                return KerberosUtils.createAppConfigurationEntries(hashMap);
            }
        };
    }

    public static Subject authenticate(String str, char[] cArr, Configuration configuration) {
        try {
            LoginContext createLoginContext = createLoginContext(new UsernamePasswordCallbackHandler(str, cArr), configuration);
            createLoginContext.login();
            return createLoginContext.getSubject();
        } catch (LoginException e) {
            throw new KerberosCredentialsException("Kerberos Login failure. Make sure Kerberos is properly configured.", e);
        }
    }

    private static PrivilegedAction<GSSCredential> createPrivilegedAction(String str) {
        return () -> {
            try {
                GSSManager gSSManager = GSSManager.getInstance();
                return gSSManager.createCredential(gSSManager.createName(str, (Oid) null), 0, new Oid(KERBEROS_V5_OID), 1);
            } catch (GSSException e) {
                throw new KerberosCredentialsException(String.format("Unable to create credential for user \"%s\" after login", str), e);
            }
        };
    }

    public static LoginContext createLoginContext(CallbackHandler callbackHandler, Configuration configuration) throws LoginException {
        return new LoginContext("", (Subject) null, callbackHandler, configuration);
    }

    static {
        final HashMap hashMap = new HashMap();
        hashMap.put(REFRESH_KRB5_CONFIG, TRUE);
        hashMap.put(CLIENT, TRUE);
        hashMap.put(IS_INITIATOR, TRUE);
        hashMap.put(USE_TICKET_CACHE, FALSE);
        hashMap.put(DO_NOT_PROMPT, FALSE);
        JAAS_CONFIG = new Configuration() { // from class: org.sentrysoftware.winrm.service.client.auth.kerberos.KerberosUtils.1
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                return KerberosUtils.createAppConfigurationEntries(hashMap);
            }
        };
    }
}
